It seems that India is following the path of Russia and will monitor the online activities of its citizens more closely. Its most recent move will force internet infrastructure providers, including VPN services, to collect and, if requested, hand data over to the country's governing bodies.
As a result of CERT-in's order, on June 26, 2022 NordVPN will shut down its servers operating in India. However, apart from this, NordVPN services will operate as usual in the country.
India's Computer Emergency Response Team (CERT-in) ordered VPN companies, data centers, ISPs, hosting providers, and other internet infrastructure companies operating in India to collect their customer data, store it for five or more years, and hand it over to the government if requested. That means that a VPN company with servers in India may no longer be able to guarantee privacy for its users. The government body asks such companies to collect and report such data as:
Those that do not comply with the regulation can potentially face up to one year in prison. The directive also applies to cloud service providers and data centers. If it passes, the directive will take effect on June 28, although an interim period will pass until its full implementation.
Many major VPN providers adhere to strict privacy policies, which means that they don't collect or store customer data. No-logging features are usually embedded in their server architecture, and it would be complicated for providers to change it. Moreover, a reliable VPN company wouldn't agree to such a requirement for ethical and reputational reasons. So the passing of this law would mean that many premium VPN services would no longer be able to keep servers or even operate in India.
India doesn't rank high in terms of internet freedom, so such a request does not come out of the blue. In 2012, Reporters Without Borders added India to the list of countries under surveillance due to its internet surveillance practices and the pressure placed on service providers by the government. Freedom House also identifies India's internet as “partly free.”
Following the November 2008 terrorist attacks in Mumbai, the Indian Parliament amended the Information Technology Act (ITA) and expanded the government's censorship and monitoring capabilities.
India's internet restrictions haven't become more relaxed in recent years, either:
In the context of such events, VPN services are essential to Indian users who wish to enjoy a free online space. However, the pending directive will make VPNs a less compelling option for protecting online privacy.
Want to read more like this?
Get the latest news and tips from NordVPN